Altair Technologies Ltd. - Firegen report generated on 11/15/2011 6:46:14 PM

FireGen Report
Info | Value
Log profile | Log profile fortigate
Analyzed log(s) | F:\Logs\Fortigate\2006-10-31-Fortigate.txt (86.00 MB)
Firewall type | Fortigate
Analysis interval | All entries in the specified log
Firewalls
No | Firewall | Connections | Traffic (MB) | Denials | Warnings | URLs
1 | FGT8002604401800 | 146,452 | 2,701.79 | 19,575 | 587 | 00
Message types
No | Code | Message sample | Count
2 | 0021010001 | type=traffic subtype=allowed pri=notice vd=root SN=458307 duration=236 user=N/A group=N/A policyid=49 proto=6 service=443/tcp app_type=N/A status=accept src=69.50.48.72 srcname=69.50.48.72 dst=69.49.150.134 dstname=69.49.150.134 src_int=external dst_int=dmz sent=11500 rcvd=71916 sent_pkt=86 rcvd_pkt=132 src_port=2463 dst_port=443 vpn=N/A tran_ip=0.0.0.0 tran_port=0 dir_disp=org tran_disp=noop | 146,452
3 | 0022013001 | type=traffic subtype=violation pri=warning vd=root SN=458728 duration=0 user=N/A group=N/A policyid=61 proto=6 service=80/tcp app_type=N/A status=deny src=10.1.1.148 srcname=10.1.1.148 dst=205.243.60.43 dstname=205.243.60.43 src_int=internal dst_int=external sent=0 rcvd=0 src_port=1469 dst_port=80 vpn=N/A tran_ip=0.0.0.0 tran_port=0 | 19,454
4 | 0101023002 | type=event subtype=ipsec pri=notice vd=root loc_ip=69.49.150.10 loc_port=500 rem_ip=24.97.162.254 rem_port=500 out_if=external vpn_tunnel=SysEng-VPN cookies=999832fa9e4c7e8a/951ec852745dd5fb action=negotiate status=success msg="Responder: tunnel 24.97.162.254, transform=ESP_3DES, HMAC_SHA1" | 154
5 | 0101023003 | type=event subtype=ipsec pri=error vd=root loc_ip=69.49.150.10 loc_port=500 rem_ip=63.77.242.162 rem_port=500 out_if=external vpn_tunnel=SCC-Primary cookies=1349866be05ab9e6/669e8b95aeea00e1 action=negotiate status=negotiate_error msg="Negotiate SA Error: Peer's id payloads do not match local policy." | 556
6 | 0101023004 | type=event subtype=ipsec pri=notice vd=root loc_ip=69.49.150.10 loc_port=500 rem_ip=24.97.162.254 rem_port=500 out_if=external vpn_tunnel=SysEng-VPN cookies=999832fa9e4c7e8a/951ec852745dd5fb action=negotiate init=remote mode=quick stage=2 dir=inbound status=success msg="Responder: parsed 24.97.162.254 quick mode message #2 (DONE)" | 1,909
7 | 0101023006 | type=event subtype=ipsec pri=notice vd=root loc_ip=69.49.150.10 loc_port=500 rem_ip=24.97.162.254 rem_port=500 out_if=external vpn_tunnel=SysEng-VPN cookies=999832fa9e4c7e8a/951ec852745dd5fb action=install_sa in_spi=7b4e35fb out_spi=5d920960 msg="Responder: tunnel 69.49.150.10/24.97.162.254 install ipsec sa" | 154
8 | 0101023007 | type=event subtype=ipsec pri=notice vd=root loc_ip=69.49.150.10 loc_port=500 rem_ip=63.77.242.162 rem_port=500 out_if=external vpn_tunnel=SCC-Primary cookies=f626dde421e12e2c/58f225bcf785c2b0 action=delete_phase1_sa msg="Deleted an Isakmp SA on the tunnel to 63.77.242.162:500" | 346
9 | 0101023008 | type=event subtype=ipsec pri=notice vd=root loc_ip=69.49.150.10 loc_port=500 rem_ip=63.77.242.174 rem_port=500 out_if=? vpn_tunnel=FGh_FtiLog1 cookies=1d08bbf24c2a6a15/399b9241a7e2ab4f action=delete_ipsec_sa enc_spi=4be2f833 dec_spi=f7354e7b msg="Deleted an IPsec SA on the tunnel to 63.77.242.174:500" | 152
10 | 0104032006 | type=event subtype=admin pri=information vd=root user="admin" ui=GUI(63.75.200.25) action=login status=success reason=none msg="User admin login successfully from GUI(63.75.200.25)" | 08
11 | 0104032007 | type=event subtype=admin pri=information vd=root user="nsnm-ro" ui=ssh(10.1.1.252) action=logout status=success reason=exit msg="User nsnm-ro Logs out from ssh(10.1.1.252)" | 02
12 | 0104032105 | type=event subtype=admin pri=notice vd=root status=update virdb=yes idsdb=yes libav=yes aven=yes imap=yes smtp=yes pop3=yes http=yes ftp=yes fcni=yes fdni=yes idsmn=yes idssn=yes msg="Fortigate push update virdb(6.779) idsdb(2.328) aven(2.002) idsen(1.035) from 206.191.24.179:443" | 17
13 | 0211060000 | type=virus subtype=infected pri=notice vd=root serial=449907 user="N/A" group="N/A" src=10.1.1.9 dst=66.98.238.101 src_int=internal dst_int=external service=http status=passthrough file="kaspersky.zip" virus="Suspicious" url="http://update.gfisoftware.com/avx/kaspersky.zip" ref="http://www.fortinet.com/VirusEncyclopedia/search/encyclopediaSearch.do?method=quickSearchDirectly&virusName=Suspicious" msg="The file kaspersky.zip is infected with Suspicious." | 23
14 | 0419070000 | type=ips subtype=signature pri=alert vd=root serial=387540 attack_id=107347979 severity=critical src=10.1.1.15 dst=69.49.150.146 src_port=80 dst_port=31241 src_int=internal dst_int=port2 status=detected proto=6 service=31241/tcp user=N/A group=N/A ref="http://www.fortinet.com/ids/ID107347979" msg="http_decoder: request_smuggling, aggregated 4 times [Reference: http://www.fortinet.com/ids/ID107347979]" | 68
Firewall: FGT8002604401800

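FGT8002604401800 - Traffic and denials per hour

Hour | Traffic (MB) | % | Connections | % | Denials | %
00-01 | 51.00 | 1.91 | 4,750 | 2.86 | 485 | 2.48
01-02 | 11.00 | 0.43 | 3,249 | 1.96 | 637 | 3.25
02-03 | 31.00 | 1.15 | 3,348 | 2.02 | 644 | 3.29
03-04 | 30.00 | 1.13 | 3,224 | 1.94 | 619 | 3.16
04-05 | 34.00 | 1.28 | 3,202 | 1.93 | 481 | 2.46
05-06 | 44.00 | 1.66 | 3,577 | 2.15 | 603 | 3.08
06-07 | 99.00 | 3.69 | 3,897 | 2.35 | 505 | 2.58
07-08 | 196.00 | 7.27 | 7,825 | 4.71 | 634 | 3.24
08-09 | 216.00 | 8.03 | 11,991 | 7.22 | 541 | 2.76
09-10 | 215.00 | 7.97 | 12,019 | 7.24 | 1,022 | 5.22
10-11 | 195.00 | 7.22 | 10,744 | 6.47 | 793 | 4.05
11-12 | 212.00 | 7.86 | 12,780 | 7.70 | 709 | 3.62
12-13 | 177.00 | 6.57 | 10,422 | 6.28 | 599 | 3.06
13-14 | 214.00 | 7.93 | 11,927 | 7.18 | 667 | 3.41
14-15 | 179.00 | 6.66 | 7,957 | 4.79 | 695 | 3.55
15-16 | 187.00 | 6.92 | 12,317 | 7.42 | 735 | 3.75
16-17 | 141.00 | 5.23 | 9,410 | 5.67 | 643 | 3.28
17-18 | 76.00 | 2.82 | 4,643 | 2.80 | 641 | 3.27
18-19 | 74.00 | 2.76 | 3,661 | 2.21 | 611 | 3.12
19-20 | 74.00 | 2.75 | 4,738 | 2.85 | 1,636 | 8.36
20-21 | 56.00 | 2.08 | 5,604 | 3.38 | 2,042 | 10.43 !!!
21-22 | 66.00 | 2.46 | 4,923 | 2.97 | 1,558 | 7.96
22-23 | 58.00 | 2.18 | 3,802 | 2.29 | 948 | 4.84
23-24 | 54.00 | 2.03 | 6,017 | 3.62 | 1,127 | 5.76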
FGT8002604401800 - Interfaces
No | Interfaces | Connections | MB | % | Denials | Warnings
1 | dmz to external | 1,502 | 04.69 | 00.17 | 00 | 00
2 | dmz to internal | 4,942 | 54.90 | 02.03 | 00 | 00
3 | external to dmz | 10,955 | 1,146.55 | 42.44 | 00 | 00
4 | external to internal | 10,713 | 38.14 | 01.41 | 00 | 00
5 | external to port2 | 99 | 11.52 | 00.43 | 00 | 00
6 | internal to dmz | 219 | 25.89 | 00.96 | 00 | 00
7 | internal to external | 113,449 | 1,321.39 | 48.91 | 16,142 | 23
8 | internal to port1 | 947 | 13.55 | 00.50 | 00 | 00
9 | internal to port2 | 04 | 14.80 | 00.55 | 96 | 00
10 | N/A to external | 1,601 | 18.83 | 00.70 | 1,857 | 00
11 | port1 to external | 36 | 17.52 | 00.65 | 00 | 00
12 | port2 to internal | 1,985 | 33.99 | 01.26 | 1,480 | 00
13 | Not specified | 00 | 00.00 | 00.00 | 00 | 08
14 | n/a to external | 00 | 00.00 | 00.00 | 00 | 556
15 | if to | 00 | 00.00 | 00.00 | 00 | 00
16 | if to external | 00 | 00.00 | 00.00 | 00 | 00
Total | | 146,452 | 2,701.79 | | 19,575 | 587
Firewall: FGT8002604401800 - Interfaces: dmz to external
Top 10 sources
NoSourceBytes%Comment
169.49.150.1382,267,86546.07 
269.49.150.1331,346,35027.353 denials recorded on 4/4/2006 12:10:19 AM
369.49.150.1351,308,61426.58 



Top 10 destinations
NoDestinationBytes%Comment
167.141.56.42,644,67853.72 
263.75.200.11630,93412.82 
3209.222.136.4517,12010.50 
4206.191.24.179371,9387.56 
563.75.200.20314,0036.38 
663.77.242.174230,2964.68 
765.61.202.131199,4204.05 
8204.34.198.4014,4400.29 



Top 10 sources, protocols and bytes
NoSourceProtocolConnectionsBytes%Comment
169.49.150.133TCP/443 - ssl-https4761,346,35027.353 denials recorded on 4/4/2006 12:10:19 AM
269.49.150.135TCP/443 - ssl-https4571,298,32826.37 
369.49.150.138TCP/443 - ssl-https261,088,47822.11 
469.49.150.138UDP/514 - syslog212630,93412.82 
569.49.150.138UDP/162 - snmp-trap87303,7176.17 
669.49.150.138UDP/500 - ipsec213230,2964.68 
769.49.150.138UDP/123 - ntp2414,4400.29 
869.49.150.135UDP/162 - snmp-trap0710,2860.21 

Top 10 sources, destinations, protocols and bytes
NoSourceDestinationProtocolConnectionsBytes%Comment
169.49.150.13367.141.56.4TCP/443 - ssl-https4761,346,35027.353 denials recorded on 4/4/2006 12:10:19 AM
269.49.150.13567.141.56.4TCP/443 - ssl-https4571,298,32826.37 
369.49.150.13863.75.200.11UDP/514 - syslog212630,93412.82 
469.49.150.138209.222.136.4TCP/443 - ssl-https11517,12010.50 
569.49.150.138206.191.24.179TCP/443 - ssl-https09371,9387.56 
669.49.150.13863.75.200.20UDP/162 - snmp-trap87303,7176.17 
769.49.150.13863.77.242.174UDP/500 - ipsec213230,2964.68 
869.49.150.13865.61.202.131TCP/443 - ssl-https06199,4204.05 
969.49.150.138204.34.198.40UDP/123 - ntp2414,4400.29 
1069.49.150.13563.75.200.20UDP/162 - snmp-trap0710,2860.21 

Top 10 protocols
NoProtocolConnectionsBytes%Comment
1TCP/443 - ssl-https9593,733,15675.83 
2UDP/514 - syslog212630,93412.82 
3UDP/162 - snmp-trap94314,0036.38 
4UDP/500 - ipsec213230,2964.68 
5UDP/123 - ntp2414,4400.29 



Firewall: FGT8002604401800 - Interfaces: dmz to internal
Top 10 sources
NoSourceBytes%Comment
169.49.150.13338,395,33566.693 denials recorded on 4/4/2006 12:10:19 AM
269.49.150.13519,176,72333.31 



Top 10 destinations
NoDestinationBytes%Comment
110.1.1.2538,105,31366.19 
210.1.1.1210,845,32318.84 
310.1.1.498,615,42314.96 
410.1.1.275,9990.01 



Top 10 sources, protocols and bytes
NoSourceProtocolConnectionsBytes%Comment
169.49.150.133UDP/514 - syslog3,61319,429,94233.753 denials recorded on 4/4/2006 12:10:19 AM
269.49.150.135TCP/2100023018,029,01331.32 
369.49.150.133TCP/2100023117,777,76930.88 
469.49.150.133TCP/220003741,154,7482.01 
569.49.150.135TCP/220003471,036,5101.80 
669.49.150.135TCP/240011060,6300.11 
769.49.150.135UDP/514 - syslog6826,9160.05 
869.49.150.133TCP/240010625,0220.04 
969.49.150.135TCP/240002113,7670.02 
1069.49.150.133TCP/24000127,8540.01 

Top 10 sources, destinations, protocols and bytes
NoSourceDestinationProtocolConnectionsBytes%Comment
169.49.150.13510.1.1.25TCP/2100023018,029,01331.32 
269.49.150.13310.1.1.25TCP/2100023117,777,76930.883 denials recorded on 4/4/2006 12:10:19 AM
369.49.150.13310.1.1.12UDP/514 - syslog2,02010,827,97718.81 
469.49.150.13310.1.1.49UDP/514 - syslog1,5938,601,96514.94 
569.49.150.13310.1.1.25TCP/220003741,154,7482.01 
669.49.150.13510.1.1.25TCP/220003471,036,5101.80 
769.49.150.13510.1.1.25TCP/240011060,6300.11 
869.49.150.13310.1.1.25TCP/240010625,0220.04 
969.49.150.13510.1.1.25TCP/240002113,7670.02 
1069.49.150.13510.1.1.12UDP/514 - syslog3413,4580.02 

Top 10 protocols
NoProtocolConnectionsBytes%Comment
1TCP/2100046135,806,78262.19 
2UDP/514 - syslog3,68119,456,85833.80 
3TCP/220007212,191,2583.81 
4TCP/240011685,6520.15 
5TCP/240003321,6210.04 
6TCP/13000035,9990.01 
7TCP/2967273,8880.01 



Firewall: FGT8002604401800 - Interfaces: external to dmz
Top 10 sources
NoSourceBytes%Comment
164.222.230.20628,194,0772.35 
263.75.200.913,654,8841.14 
3204.10.46.25412,671,6551.05 
4216.220.240.2509,388,4870.78 
5216.195.223.2267,760,3080.65 
6207.190.217.1147,433,6030.62 
724.93.148.1896,302,2150.52 
824.97.228.906,243,4670.52 
9216.204.161.1385,935,5330.49 
1065.217.160.1944,841,0560.40 



Top 10 destinations
NoDestinationBytes%Comment
169.49.150.1341,184,867,99698.55 
269.49.150.13515,508,6751.29 
369.49.150.1331,394,4000.123 denials recorded on 4/4/2006 12:10:19 AM
469.49.150.138414,9420.03 
569.49.150.14157,0510.00 



Top 10 sources, protocols and bytes
NoSourceProtocolConnectionsBytes%Comment
164.222.230.206TCP/443 - ssl-https12928,194,0772.35 
263.75.200.9TCP/9020213,654,8841.14 
3204.10.46.254TCP/443 - ssl-https9312,671,6551.05 
4216.220.240.250TCP/443 - ssl-https709,388,4870.78 
5216.195.223.226TCP/443 - ssl-https447,760,3080.65 
6207.190.217.114TCP/443 - ssl-https317,433,6030.62 
724.93.148.189TCP/443 - ssl-https256,302,2150.52 
824.97.228.90TCP/443 - ssl-https126,243,4670.52 
9216.204.161.138TCP/443 - ssl-https205,935,5330.49 
1065.217.160.194TCP/443 - ssl-https224,841,0560.40 

Top 10 sources, destinations, protocols and bytes
NoSourceDestinationProtocolConnectionsBytes%Comment
164.222.230.20669.49.150.134TCP/443 - ssl-https12928,194,0772.35 
263.75.200.969.49.150.135TCP/9020213,654,8841.14 
3204.10.46.25469.49.150.134TCP/443 - ssl-https9312,671,6551.05 
4216.220.240.25069.49.150.134TCP/443 - ssl-https709,388,4870.78 
5216.195.223.22669.49.150.134TCP/443 - ssl-https447,760,3080.65 
6207.190.217.11469.49.150.134TCP/443 - ssl-https317,433,6030.62 
724.93.148.18969.49.150.134TCP/443 - ssl-https256,302,2150.52 
824.97.228.9069.49.150.134TCP/443 - ssl-https126,243,4670.52 
9216.204.161.13869.49.150.134TCP/443 - ssl-https205,935,5330.49 
1065.217.160.19469.49.150.134TCP/443 - ssl-https224,841,0560.40 

Top 10 protocols
NoProtocolConnectionsBytes%Comment
1TCP/443 - ssl-https9,3991,185,149,73498.58 
2TCP/9020213,654,8841.14 
3TCP/29981103,136,7040.26 
4ICMP/8 - ping1,437284,9280.02 
5UDP/161 - snmp0716,8140.00 



Firewall: FGT8002604401800 - Interfaces: external to internal
Top 10 sources
NoSourceBytes%Comment
110.200.201.1739,997,836100.00 

Top 10 destinations
NoDestinationBytes%Comment
1172.16.229.113,110,30332.78 
2172.16.229.192,873,5697.18 
3172.16.229.42,857,0997.14 
4172.16.229.92,449,2486.12 
5172.16.229.151,753,0234.38 
6172.16.229.141,121,7912.80 
7172.16.229.101,115,7122.79 
8172.16.229.201,114,5362.79 
9172.16.229.171,103,5162.76 
10172.16.229.51,102,8992.76 



Top 10 sources, protocols and bytes
NoSourceProtocolConnectionsBytes%Comment
110.200.201.17UDP/161 - snmp4,37438,386,96095.97 
210.200.201.17ICMP/8 - ping6,3171,200,4203.00 
310.200.201.17TCP/23 - telnet22410,4561.03 

Top 10 sources, destinations, protocols and bytes
NoSourceDestinationProtocolConnectionsBytes%Comment
110.200.201.17172.16.229.1UDP/161 - snmp18113,026,51032.57 
210.200.201.17172.16.229.19UDP/161 - snmp2022,799,5227.00 
310.200.201.17172.16.229.4UDP/161 - snmp2072,786,6246.97 
410.200.201.17172.16.229.9UDP/161 - snmp1952,377,0175.94 
510.200.201.17172.16.229.15UDP/161 - snmp2001,672,3204.18 
610.200.201.17172.16.229.14UDP/161 - snmp1991,049,5292.62 
710.200.201.17172.16.229.20UDP/161 - snmp2011,043,0802.61 
810.200.201.17172.16.229.10UDP/161 - snmp2011,036,0882.59 
910.200.201.17172.16.229.5UDP/161 - snmp2001,031,9982.58 
1010.200.201.17172.16.229.17UDP/161 - snmp1631,031,9582.58 

Top 10 protocols
NoProtocolConnectionsBytes%Comment
1UDP/161 - snmp4,37438,386,96095.97 
2ICMP/8 - ping6,3171,200,4203.00 
3TCP/23 - telnet22410,4561.03 



Firewall: FGT8002604401800 - Interfaces: external to port2
Top 10 sources
NoSourceBytes%Comment
124.39.14.25410,933,24990.52 
272.224.140.1791,000,9088.29 
38.10.222.21361,3140.51 
470.220.243.2723,7020.20 
575.195.108.12719,7680.16 
675.195.20.4715,0790.12 
78.8.93.3014,2480.12 
875.194.33.2259,9730.08 
969.39.70.2315950.003 denials recorded on 10/31/2006 6:30:40 PM



Top 10 destinations
NoDestinationBytes%Comment
169.49.150.14612,078,836100.001455 denials recorded on 10/31/2006 12:00:27 AM

Top 10 sources, protocols and bytes
NoSourceProtocolConnectionsBytes%Comment
124.39.14.254TCP/443 - ssl-https7310,933,24990.52 
272.224.140.179TCP/443 - ssl-https111,000,9088.29 
38.10.222.213TCP/443 - ssl-https0561,3140.51 
470.220.243.27TCP/443 - ssl-https0223,7020.20 
575.195.108.127TCP/443 - ssl-https0219,7680.16 
675.195.20.47TCP/443 - ssl-https0215,0790.12 
78.8.93.30TCP/443 - ssl-https0114,2480.12 
875.194.33.225TCP/443 - ssl-https019,9730.08 
969.39.70.231TCP/443 - ssl-https025950.003 denials recorded on 10/31/2006 6:30:40 PM

Top 10 sources, destinations, protocols and bytes
NoSourceDestinationProtocolConnectionsBytes%Comment
124.39.14.25469.49.150.146TCP/443 - ssl-https7310,933,24990.521455 denials recorded on 10/31/2006 12:00:27 AM
272.224.140.17969.49.150.146TCP/443 - ssl-https111,000,9088.29 
38.10.222.21369.49.150.146TCP/443 - ssl-https0561,3140.51 
470.220.243.2769.49.150.146TCP/443 - ssl-https0223,7020.20 
575.195.108.12769.49.150.146TCP/443 - ssl-https0219,7680.16 
675.195.20.4769.49.150.146TCP/443 - ssl-https0215,0790.12 
78.8.93.3069.49.150.146TCP/443 - ssl-https0114,2480.12 
875.194.33.22569.49.150.146TCP/443 - ssl-https019,9730.08 
969.39.70.23169.49.150.146TCP/443 - ssl-https025950.003 denials recorded on 10/31/2006 6:30:40 PM

Top 10 protocols
NoProtocolConnectionsBytes%Comment
1TCP/443 - ssl-https9912,078,836100.00 

Firewall: FGT8002604401800 - Interfaces: internal to dmz
Top 10 sources
NoSourceBytes%Comment
110.3.1.25426,704,48398.37 
210.1.3.50442,7521.63 



Top 10 destinations
NoDestinationBytes%Comment
169.49.150.13427,147,235100.00 

Top 10 sources, protocols and bytes
NoSourceProtocolConnectionsBytes%Comment
110.3.1.254TCP/443 - ssl-https21726,704,48398.37 
210.1.3.50TCP/443 - ssl-https02442,7521.63 

Top 10 sources, destinations, protocols and bytes
NoSourceDestinationProtocolConnectionsBytes%Comment
110.3.1.25469.49.150.134TCP/443 - ssl-https21726,704,48398.37 
210.1.3.5069.49.150.134TCP/443 - ssl-https02442,7521.63 

Top 10 protocols
NoProtocolConnectionsBytes%Comment
1TCP/443 - ssl-https21927,147,235100.00 

Firewall: FGT8002604401800 - Interfaces: internal to external
Top 10 sources
NoSourceBytes%Comment
110.3.1.254677,918,92048.93 
210.1.1.9344,817,80524.89943 denials recorded on 10/31/2006 12:01:59 AM
310.1.1.47252,343,80418.21 
410.1.1.25252,163,8113.76 
510.1.1.1214,777,6631.07 
610.1.1.25113,732,0640.995436 denials recorded on 4/4/2006 4:30:22 AM
710.1.1.5211,904,3720.863550 denials recorded on 10/31/2006 12:00:11 AM
810.1.1.2404,183,5120.30 
910.1.1.164,129,5800.3093707 denials recorded on 4/3/2006 11:01:13 PM
1010.1.1.2453,541,8360.264 denials recorded on 2/28/2006 11:02:42 AM



Top 10 destinations
NoDestinationBytes%Comment
166.98.238.101351,674,29125.38 
266.231.220.67252,343,80418.2150 denials recorded on 4/3/2006 11:10:39 PM
3170.146.231.150110,085,0557.95 
412.145.177.3756,486,1564.08 
566.98.238.10235,882,4742.59 
666.220.30.3135,864,6972.59 
7216.218.202.3027,213,8041.96 
866.98.238.11426,603,6971.92 
9209.132.200.3125,367,4791.83 
1064.132.202.20520,910,6381.51 



Top 10 sources, protocols and bytes
NoSourceProtocolConnectionsBytes%Comment
110.3.1.254TCP/80 - http9,875419,843,76330.30 
210.1.1.9TCP/80 - http253344,817,80524.89943 denials recorded on 10/31/2006 12:01:59 AM
310.3.1.254TCP/443 - ssl-https10,212258,058,59618.62 
410.1.1.47TCP/110 - pop390,908239,617,48217.29 
510.1.1.252TCP/80 - http63152,055,3743.76 
610.1.1.12TCP/21 - ftp1414,777,6631.07 
710.1.1.251TCP/80 - http0913,720,3090.995436 denials recorded on 4/4/2006 4:30:22 AM
810.1.1.47TCP/25 - smtp53112,726,3220.92 
910.1.1.52TCP/443 - ssl-https28811,904,3720.863550 denials recorded on 10/31/2006 12:00:11 AM
1010.1.1.16UDP/53 - dns714,126,8490.3093707 denials recorded on 4/3/2006 11:01:13 PM

Top 10 sources, destinations, protocols and bytes
NoSourceDestinationProtocolConnectionsBytes%Comment
110.1.1.966.98.238.101TCP/80 - http253344,817,80524.89943 denials recorded on 10/31/2006 12:01:59 AM
210.1.1.4766.231.220.67TCP/110 - pop390,908239,617,48217.2950 denials recorded on 4/3/2006 11:10:39 PM
310.3.1.254170.146.231.150TCP/443 - ssl-https911108,868,1007.86 
410.1.1.25212.145.177.37TCP/80 - http30747,384,6113.42 
510.3.1.25466.98.238.102TCP/80 - http1035,882,4742.59 
610.3.1.25466.220.30.31TCP/80 - http1235,864,6972.59 
710.3.1.254216.218.202.30TCP/80 - http1127,213,8041.96 
810.3.1.25466.98.238.114TCP/80 - http1026,603,6971.92 
910.3.1.254209.132.200.31TCP/80 - http1025,367,4791.83 
1010.3.1.25464.132.202.205TCP/443 - ssl-https85620,910,6381.51 

Top 10 protocols
NoProtocolConnectionsBytes%Comment
1TCP/80 - http10,947835,382,53260.29 
2TCP/443 - ssl-https10,525271,470,28319.59 
3TCP/110 - pop390,908239,617,48217.29 
4TCP/21 - ftp2514,824,6451.07 
5TCP/25 - smtp53112,726,3220.92 
6UDP/53 - dns1684,405,4920.32 
7TCP/3322012,229,5090.16 
8TCP/2393011,355,1710.10 
9TCP/2392011,355,0110.10 
10TCP/2327011,182,7630.09 



Top 10 protocol TCP/80 - http: Sources, destinations, and traffic
NoSourceDestinationConnectionsBytesComment
110.1.1.966.98.238.101253344,817,805943 denials recorded on 10/31/2006 12:01:59 AM
210.1.1.25212.145.177.3730747,384,611 
310.3.1.25466.98.238.1021035,882,474 
410.3.1.25466.220.30.311235,864,697 
510.3.1.254216.218.202.301127,213,804 
610.3.1.25466.98.238.1141026,603,697 
710.3.1.254209.132.200.311025,367,479 
810.3.1.254216.218.211.341417,341,790 
910.1.1.25164.21.46.1440513,712,9975436 denials recorded on 4/4/2006 4:30:22 AM
1010.3.1.254198.151.60.10022810,187,5013 denials recorded on 2/28/2006 11:17:18 AM

Top 10 protocol TCP/25 - smtp: Sources, destinations, and traffic
NoSourceDestinationConnectionsBytesComment
110.1.1.4766.231.220.6753112,726,32250 denials recorded on 4/3/2006 11:10:39 PM

Top 10 denied sources
NoSourceConnectionsFirst denial%Comment
110.1.1.523,55010/31/2006 12:00:11 AM21.993550 denials recorded on 10/31/2006 12:00:11 AM
210.1.1.2322,18210/31/2006 12:05:01 AM13.522182 denials recorded on 10/31/2006 12:05:01 AM
310.1.1.994310/31/2006 12:01:59 AM05.84943 denials recorded on 10/31/2006 12:01:59 AM
410.1.1.13551610/31/2006 2:02:47 PM03.20 
5192.168.1.12246710/31/2006 9:53:57 AM02.89 
610.1.8.10338410/31/2006 2:27:40 AM02.38 
710.1.1.22335010/31/2006 9:37:29 AM02.17 
810.1.1.14833910/31/2006 1:27:31 AM02.101137 denials recorded on 4/4/2006 6:38:04 AM
910.1.1.21430610/31/2006 12:22:00 AM01.90 
1010.1.1.23030610/31/2006 12:31:49 AM01.90 

Top 10 destinations for denied connections
NoDestinationConnectionsFirst denial%Comment
1216.220.225.1983,55010/31/2006 12:00:11 AM21.99 
212.158.80.102,25510/31/2006 7:04:28 PM13.97 
364.94.110.112,10310/31/2006 7:04:41 PM13.03 
4205.243.60.431,26710/31/2006 12:37:57 PM07.85 
5205.243.60.4297410/31/2006 12:37:36 PM06.03 
664.21.46.13484610/31/2006 12:20:42 AM05.24 
764.21.46.13784310/31/2006 12:21:03 AM05.22 
869.20.55.13780510/31/2006 12:01:59 AM04.99 
963.240.63.6944910/31/2006 9:53:57 AM02.78 
10205.243.60.4431510/31/2006 12:40:29 PM01.95 

Top 10 denied protocols
NoDenied protocolConnectionsFirst denial%Comment
1TCP/80 - http15,27010/31/2006 12:00:11 AM94.60 
2TCP/81 - http45510/31/2006 8:54:02 AM02.82 
3UDP/137 - netbios33910/31/2006 9:37:29 AM02.10 
4TCP/443 - ssl-https6310/31/2006 1:28:19 AM00.39 
5TCP/8080 - http proxy0610/31/2006 11:22:07 AM00.04 
6TCP/21 - ftp0310/31/2006 7:44:07 AM00.02 
7TCP/19350310/31/2006 9:52:28 AM00.02 
8TCP/5630310/31/2006 12:00:19 PM00.02 



Top 10 denial reasons
NoDenial reasonConnectionsFirst denial%Comment
1Policy id 6116,14210/31/2006 12:00:11 AM100.00 

Top 10 denied sources, destinations, protocols and reasons
NoSourceDestinationProtocolReasonConnectionsFirst denial%Comment
110.1.1.52216.220.225.198TCP/80 - httpPolicy id 613,55010/31/2006 12:00:11 AM21.993550 denials recorded on 10/31/2006 12:00:11 AM
210.1.1.969.20.55.137TCP/80 - httpPolicy id 6180510/31/2006 12:01:59 AM4.99943 denials recorded on 10/31/2006 12:01:59 AM
3192.168.1.12263.240.63.69TCP/81 - httpPolicy id 6144910/31/2006 9:53:57 AM2.78 
410.1.1.232205.243.60.43TCP/80 - httpPolicy id 6128810/31/2006 12:37:57 PM1.782182 denials recorded on 10/31/2006 12:05:01 AM
510.1.1.232205.243.60.44TCP/80 - httpPolicy id 6121310/31/2006 12:40:29 PM1.32 
610.1.1.135205.243.60.43TCP/80 - httpPolicy id 6115910/31/2006 2:05:53 PM0.99 
710.1.1.23264.21.46.135TCP/80 - httpPolicy id 6115310/31/2006 12:44:44 AM0.95 
810.1.1.23264.21.46.151TCP/80 - httpPolicy id 6115310/31/2006 12:45:05 AM0.95 
910.1.1.964.62.172.18TCP/80 - httpPolicy id 6113810/31/2006 12:33:21 AM0.85 
1010.1.1.135205.243.60.44TCP/80 - httpPolicy id 6110210/31/2006 2:09:35 PM0.63 

Top 10 denied protocols and reasons
NoProtocolReasonDenials%Comment
1TCP/80 - httpPolicy id 6115,27094.60 
2TCP/81 - httpPolicy id 614552.82 
3UDP/137 - netbiosPolicy id 613392.10 
4TCP/443 - ssl-httpsPolicy id 61630.39 
5TCP/8080 - http proxyPolicy id 61060.04 
6TCP/21 - ftpPolicy id 61030.02 
7TCP/1935Policy id 61030.02 
8TCP/563Policy id 61030.02 

Top 10 warning messages
NoSourceDestinationProtocolWarningCountFirst warning%Comment
110.1.1.966.98.238.101HTTPThe file kaspersky.zip is infected with Suspicious2110/31/2006 2:00:32 AM91.30943 denials recorded on 10/31/2006 12:01:59 AM
210.1.1.4766.231.220.67POP3The file is infected with HTML/BankFraud.E!phish0210/31/2006 8:30:04 PM8.7050 denials recorded on 4/3/2006 11:10:39 PM

Firewall: FGT8002604401800 - Interfaces: internal to port1
Top 10 sources
NoSourceBytes%Comment
110.3.1.25414,213,352100.00 

Top 10 destinations
NoDestinationBytes%Comment
1170.209.0.213,981,44398.37 
2170.209.0.3231,9091.63 



Top 10 sources, protocols and bytes
NoSourceProtocolConnectionsBytes%Comment
110.3.1.254TCP/443 - ssl-https94714,213,352100.00 

Top 10 sources, destinations, protocols and bytes
NoSourceDestinationProtocolConnectionsBytes%Comment
110.3.1.254170.209.0.2TCP/443 - ssl-https92713,981,44398.37 
210.3.1.254170.209.0.3TCP/443 - ssl-https20231,9091.63 

Top 10 protocols
NoProtocolConnectionsBytes%Comment
1TCP/443 - ssl-https94714,213,352100.00 

Firewall: FGT8002604401800 - Interfaces: internal to port2
Top 10 sources
NoSourceBytes%Comment
110.1.1.25115,522,305100.005436 denials recorded on 4/4/2006 4:30:22 AM

Top 10 destinations
NoDestinationBytes%Comment
169.49.150.14615,522,305100.001455 denials recorded on 10/31/2006 12:00:27 AM

Top 10 sources, protocols and bytes
NoSourceProtocolConnectionsBytes%Comment
110.1.1.251TCP/6129 - agobot-worm0114,907,72196.045436 denials recorded on 4/4/2006 4:30:22 AM
210.1.1.251TCP/3389 - ms rdp02614,4643.96 
310.1.1.251ICMP/8 - ping011200.00 

Top 10 sources, destinations, protocols and bytes
NoSourceDestinationProtocolConnectionsBytes%Comment
110.1.1.25169.49.150.146TCP/6129 - agobot-worm0114,907,72196.045436 denials recorded on 4/4/2006 4:30:22 AM
5436 denials recorded on 4/4/2006 4:30:22 AM
1455 denials recorded on 10/31/2006 12:00:27 AM
210.1.1.25169.49.150.146TCP/3389 - ms rdp02614,4643.96 
310.1.1.25169.49.150.146ICMP/8 - ping011200.00 

Top 10 protocols
NoProtocolConnectionsBytes%Comment
1TCP/6129 - agobot-worm0114,907,72196.04 
2TCP/3389 - ms rdp02614,4643.96 
3ICMP/8 - ping011200.00 



Top 10 protocol TCP/3389 - ms rdp: Sources, destinations, and traffic
NoSourceDestinationConnectionsBytesComment
110.1.1.25169.49.150.14602614,4645436 denials recorded on 4/4/2006 4:30:22 AM
5436 denials recorded on 4/4/2006 4:30:22 AM
1455 denials recorded on 10/31/2006 12:00:27 AM

Top 10 denied sources
NoSourceConnectionsFirst denial%Comment
110.1.1.159610/31/2006 8:53:17 AM100.00213 denials recorded on 4/4/2006 7:00:17 AM

Top 10 destinations for denied connections
NoDestinationConnectionsFirst denial%Comment
169.49.150.1469610/31/2006 8:53:17 AM100.001455 denials recorded on 10/31/2006 12:00:27 AM

Top 10 denied protocols
NoDenied protocolConnectionsFirst denial%Comment
1TCP/312391610/31/2006 3:53:14 PM16.67 
2TCP/311301510/31/2006 2:36:30 PM15.63 
3TCP/305991310/31/2006 9:30:46 AM13.54 
4TCP/309190710/31/2006 12:29:34 PM07.29 
5TCP/309200510/31/2006 12:31:05 PM05.21 
6TCP/307240410/31/2006 10:51:42 AM04.17 
7TCP/307380410/31/2006 10:54:16 AM04.17 
8TCP/307400410/31/2006 10:56:18 AM04.17 
9TCP/311510410/31/2006 2:41:34 PM04.17 
10TCP/312410410/31/2006 3:55:27 PM04.17 



Top 10 denial reasons
NoDenial reasonConnectionsFirst denial%Comment
1http_decoder: request_smuggling9510/31/2006 8:53:17 AM98.961455 denials recorded on 10/31/2006 12:00:27 AM
2http_decoder: request_smuggling, repeated 2 times0110/31/2006 12:30:39 PM01.04 



Top 10 denied sources, destinations, protocols and reasons
NoSourceDestinationProtocolReasonConnectionsFirst denial%Comment
110.1.1.1569.49.150.146TCP/31239http_decoder: request_smuggling1610/31/2006 3:53:14 PM16.67213 denials recorded on 4/4/2006 7:00:17 AM
213 denials recorded on 4/4/2006 7:00:17 AM
1455 denials recorded on 10/31/2006 12:00:27 AM
210.1.1.1569.49.150.146TCP/31130http_decoder: request_smuggling1510/31/2006 2:36:30 PM15.63 
310.1.1.1569.49.150.146TCP/30599http_decoder: request_smuggling1310/31/2006 9:30:46 AM13.54 
410.1.1.1569.49.150.146TCP/30919http_decoder: request_smuggling0610/31/2006 12:29:34 PM6.25 
510.1.1.1569.49.150.146TCP/30920http_decoder: request_smuggling0510/31/2006 12:31:05 PM5.21 
610.1.1.1569.49.150.146TCP/30724http_decoder: request_smuggling0410/31/2006 10:51:42 AM4.17 
710.1.1.1569.49.150.146TCP/30738http_decoder: request_smuggling0410/31/2006 10:54:16 AM4.17 
810.1.1.1569.49.150.146TCP/30740http_decoder: request_smuggling0410/31/2006 10:56:18 AM4.17 
910.1.1.1569.49.150.146TCP/31151http_decoder: request_smuggling0410/31/2006 2:41:34 PM4.17 
1010.1.1.1569.49.150.146TCP/31241http_decoder: request_smuggling0410/31/2006 3:55:27 PM4.17 

Top 10 denied protocols and reasons
NoProtocolReasonDenials%Comment
1TCP/31239http_decoder: request_smuggling1616.67 
2TCP/31130http_decoder: request_smuggling1515.63 
3TCP/30599http_decoder: request_smuggling1313.54 
4TCP/30919http_decoder: request_smuggling066.25 
5TCP/30920http_decoder: request_smuggling055.21 
6TCP/30724http_decoder: request_smuggling044.17 
7TCP/30738http_decoder: request_smuggling044.17 
8TCP/30740http_decoder: request_smuggling044.17 
9TCP/31151http_decoder: request_smuggling044.17 
10TCP/31241http_decoder: request_smuggling044.17 

Firewall: FGT8002604401800 - Interfaces: N/A to external
Top 10 sources
NoSourceBytes%Comment
163.75.200.2518,084,27491.591853 denials recorded on 10/31/2006 12:01:10 AM
2192.63.69.2531,623,3808.22 
363.75.200.2037,3730.19 



Top 10 destinations
NoDestinationBytes%Comment
169.49.150.1019,707,65499.81 
269.49.150.12937,3730.19 



Top 10 sources, protocols and bytes
NoSourceProtocolConnectionsBytes%Comment
163.75.200.25TCP/443 - ssl-https1,24118,084,27491.591853 denials recorded on 10/31/2006 12:01:10 AM
2192.63.69.253TCP/443 - ssl-https661,623,3808.22 
363.75.200.20ICMP/8 - ping28726,2920.13 
463.75.200.20UDP/161 - snmp0711,0810.06 

Top 10 sources, destinations, protocols and bytes
NoSourceDestinationProtocolConnectionsBytes%Comment
163.75.200.2569.49.150.10TCP/443 - ssl-https1,24118,084,27491.591853 denials recorded on 10/31/2006 12:01:10 AM
2192.63.69.25369.49.150.10TCP/443 - ssl-https661,623,3808.22 
363.75.200.2069.49.150.129ICMP/8 - ping28726,2920.13 
463.75.200.2069.49.150.129UDP/161 - snmp0711,0810.06 

Top 10 protocols
NoProtocolConnectionsBytes%Comment
1TCP/443 - ssl-https1,30719,707,65499.81 
2ICMP/8 - ping28726,2920.13 
3UDP/161 - snmp0711,0810.06 



Top 10 denied sources
NoSourceConnectionsFirst denial%Comment
163.75.200.251,85310/31/2006 12:01:10 AM99.781853 denials recorded on 10/31/2006 12:01:10 AM
269.39.70.2310310/31/2006 6:30:40 PM00.163 denials recorded on 10/31/2006 6:30:40 PM
361.190.208.30110/31/2006 2:08:00 PM00.051 denials recorded on 10/31/2006 2:08:00 PM

Top 10 destinations for denied connections
NoDestinationConnectionsFirst denial%Comment
169.49.150.101,85710/31/2006 12:01:10 AM100.00 

Top 10 denied protocols
NoDenied protocolConnectionsFirst denial%Comment
1TCP/22 - ssh1,85410/31/2006 12:01:10 AM99.84 
2TCP/80 - http0310/31/2006 6:30:40 PM00.16 



Top 10 denial reasons
NoDenial reasonConnectionsFirst denial%Comment
1Policy id 01,85710/31/2006 12:01:10 AM100.00 

Top 10 denied sources, destinations, protocols and reasons
NoSourceDestinationProtocolReasonConnectionsFirst denial%Comment
163.75.200.2569.49.150.10TCP/22 - sshPolicy id 01,85310/31/2006 12:01:10 AM99.781853 denials recorded on 10/31/2006 12:01:10 AM
269.39.70.23169.49.150.10TCP/80 - httpPolicy id 00310/31/2006 6:30:40 PM0.163 denials recorded on 10/31/2006 6:30:40 PM
361.190.208.369.49.150.10TCP/22 - sshPolicy id 00110/31/2006 2:08:00 PM0.051 denials recorded on 10/31/2006 2:08:00 PM

Top 10 denied protocols and reasons
NoProtocolReasonDenials%Comment
1TCP/22 - sshPolicy id 01,85499.84 
2TCP/80 - httpPolicy id 0030.16 

Firewall: FGT8002604401800 - Interfaces: port1 to external
Top 10 sources
NoSourceBytes%Comment
169.49.150.15418,368,408100.00 

Top 10 destinations
NoDestinationBytes%Comment
1199.169.223.1017,263,32093.98 
263.240.132.1011,105,0886.02 



Top 10 sources, protocols and bytes
NoSourceProtocolConnectionsBytes%Comment
169.49.150.154OTHER1416,999,78492.55 
269.49.150.154ICMP/8 - ping011,105,0886.02 
369.49.150.154UDP/500 - ipsec21263,5361.43 

Top 10 sources, destinations, protocols and bytes
NoSourceDestinationProtocolConnectionsBytes%Comment
169.49.150.154199.169.223.10OTHER1416,999,78492.55 
269.49.150.15463.240.132.101ICMP/8 - ping011,105,0886.02 
369.49.150.154199.169.223.10UDP/500 - ipsec21263,5361.43 

Top 10 protocols
No | Protocol | Connections | Bytes | % | Comment
1 | OTHER | 14 | 16,999,784 | 92.55 |
2 | ICMP/8 - ping | 01 | 1,105,088 | 6.02 |
3 | UDP/500 - ipsec | 21 | 263,536 | 1.43 |



Firewall: FGT8002604401800 - Interfaces: port2 to internal
Top 10 sources
No | Source | Bytes | % | Comment
1 | 69.49.150.146 | 35,643,766 | 100.00 | 1455 denials recorded on 10/31/2006 12:00:27 AM

Top 10 destinations
No | Destination | Bytes | % | Comment
1 | 10.1.1.18 | 19,095,152 | 53.57 | 241026 denials recorded on 4/3/2006 11:01:03 PM
2 | 10.1.1.15 | 16,503,704 | 46.30 | 213 denials recorded on 4/4/2006 7:00:17 AM
3 | 10.1.1.12 | 44,910 | 0.13 |



Top 10 sources, protocols and bytes
No | Source | Protocol | Connections | Bytes | % | Comment
1 | 69.49.150.146 | TCP/80 - http | 63 | 16,503,704 | 46.30 | 1455 denials recorded on 10/31/2006 12:00:27 AM
2 | 69.49.150.146 | TCP/389 - ldap | 526 | 14,096,302 | 39.55 |
3 | 69.49.150.146 | TCP/3268 | 111 | 1,984,936 | 5.57 |
4 | 69.49.150.146 | TCP/445 - netbios | 191 | 1,402,361 | 3.93 |
5 | 69.49.150.146 | UDP/88 - kerberos | 419 | 1,056,203 | 2.96 |
6 | 69.49.150.146 | TCP/53 - dns | 190 | 316,914 | 0.89 |
7 | 69.49.150.146 | TCP/1027 - icq | 20 | 79,143 | 0.22 |
8 | 69.49.150.146 | UDP/389 - ldap | 126 | 50,261 | 0.14 |
9 | 69.49.150.146 | UDP/514 - syslog | 126 | 44,910 | 0.13 |
10 | 69.49.150.146 | TCP/88 - kerberos | 12 | 43,000 | 0.12 |

Top 10 sources, destinations, protocols and bytes
No | Source | Destination | Protocol | Connections | Bytes | % | Comment
1 | 69.49.150.146 | 10.1.1.15 | TCP/80 - http | 63 | 16,503,704 | 46.30 | 213 denials recorded on 4/4/2006 7:00:17 AM; 1455 denials recorded on 10/31/2006 12:00:27 AM
2 | 69.49.150.146 | 10.1.1.18 | TCP/389 - ldap | 526 | 14,096,302 | 39.55 | 241026 denials recorded on 4/3/2006 11:01:03 PM
3 | 69.49.150.146 | 10.1.1.18 | TCP/3268 | 111 | 1,984,936 | 5.57 |
4 | 69.49.150.146 | 10.1.1.18 | TCP/445 - netbios | 191 | 1,402,361 | 3.93 |
5 | 69.49.150.146 | 10.1.1.18 | UDP/88 - kerberos | 419 | 1,056,203 | 2.96 |
6 | 69.49.150.146 | 10.1.1.18 | TCP/53 - dns | 190 | 316,914 | 0.89 |
7 | 69.49.150.146 | 10.1.1.18 | TCP/1027 - icq | 20 | 79,143 | 0.22 |
8 | 69.49.150.146 | 10.1.1.18 | UDP/389 - ldap | 126 | 50,261 | 0.14 |
9 | 69.49.150.146 | 10.1.1.12 | UDP/514 - syslog | 126 | 44,910 | 0.13 |
10 | 69.49.150.146 | 10.1.1.18 | TCP/88 - kerberos | 12 | 43,000 | 0.12 |

Top 10 protocols
No | Protocol | Connections | Bytes | % | Comment
1 | TCP/80 - http | 63 | 16,503,704 | 46.30 |
2 | TCP/389 - ldap | 526 | 14,096,302 | 39.55 |
3 | TCP/3268 | 111 | 1,984,936 | 5.57 |
4 | TCP/445 - netbios | 191 | 1,402,361 | 3.93 |
5 | UDP/88 - kerberos | 419 | 1,056,203 | 2.96 |
6 | TCP/53 - dns | 190 | 316,914 | 0.89 |
7 | TCP/1027 - icq | 20 | 79,143 | 0.22 |
8 | UDP/389 - ldap | 126 | 50,261 | 0.14 |
9 | UDP/514 - syslog | 126 | 44,910 | 0.13 |
10 | TCP/88 - kerberos | 12 | 43,000 | 0.12 |



Top 10 protocol TCP/80 - http: Sources, destinations, and traffic
No | Source | Destination | Connections | Bytes | Comment
1 | 69.49.150.146 | 10.1.1.15 | 63 | 16,503,704 | 213 denials recorded on 4/4/2006 7:00:17 AM; 1455 denials recorded on 10/31/2006 12:00:27 AM

Top 10 denied sources
No | Source | Connections | First denial | % | Comment
1 | 69.49.150.146 | 1,480 | 10/31/2006 12:00:27 AM | 100.00 | 1455 denials recorded on 10/31/2006 12:00:27 AM

Top 10 destinations for denied connections
No | Destination | Connections | First denial | % | Comment
1 | 10.1.1.18 | 866 | 10/31/2006 12:00:27 AM | 58.51 | 241026 denials recorded on 4/3/2006 11:01:03 PM
2 | 10.1.1.16 | 133 | 10/31/2006 12:14:11 AM | 08.99 | 93707 denials recorded on 4/3/2006 11:01:13 PM
3 | 10.1.1.15 | 25 | 10/31/2006 9:30:47 AM | 01.69 | 213 denials recorded on 4/4/2006 7:00:17 AM
4 | 192.168.7.3 | 24 | 10/31/2006 12:14:19 AM | 01.62 |
5 | 10.1.6.3 | 24 | 10/31/2006 12:14:19 AM | 01.62 | 2 denials recorded on 3/24/2006 5:37:42 AM
6 | 10.1.7.3 | 24 | 10/31/2006 12:14:19 AM | 01.62 | 261 denials recorded on 4/3/2006 11:01:18 PM
7 | 10.1.4.3 | 24 | 10/31/2006 12:14:19 AM | 01.62 | 13802 denials recorded on 3/24/2006 5:43:56 AM
8 | 10.1.2.3 | 24 | 10/31/2006 12:14:19 AM | 01.62 | 170 denials recorded on 9/29/2006 12:10:36 AM
9 | 192.168.3.3 | 24 | 10/31/2006 12:14:19 AM | 01.62 |
10 | 10.1.3.3 | 24 | 10/31/2006 12:14:19 AM | 01.62 |

Top 10 denied protocols
No | Denied protocol | Connections | First denial | % | Comment
1 | ICMP/8 - ping | 866 | 10/31/2006 12:00:27 AM | 58.51 |
2 | UDP/138 - netbios | 528 | 10/31/2006 12:14:11 AM | 35.68 |
3 | UDP/389 - ldap | 61 | 10/31/2006 12:14:11 AM | 04.12 |
4 | HTTP | 25 | 10/31/2006 9:30:47 AM | 01.69 |



Top 10 denial reasons
No | Denial reason | Connections | First denial | % | Comment
1 | Policy id 94 | 1,455 | 10/31/2006 12:00:27 AM | 98.31 |
2 | http_decoder: request_smuggling | 24 | 10/31/2006 9:30:47 AM | 01.62 |
3 | web_server: IIS.Translate.F.Disclose | 01 | 10/31/2006 12:30:26 PM | 00.07 |



Top 10 denied sources, destinations, protocols and reasons
No | Source | Destination | Protocol | Reason | Connections | First denial | % | Comment
1 | 69.49.150.146 | 10.1.1.18 | ICMP/8 - ping | Policy id 94 | 866 | 10/31/2006 12:00:27 AM | 58.51 | 241026 denials recorded on 4/3/2006 11:01:03 PM; 1455 denials recorded on 10/31/2006 12:00:27 AM
2 | 69.49.150.146 | 10.1.1.16 | UDP/138 - netbios | Policy id 94 | 72 | 10/31/2006 12:14:11 AM | 4.86 | 93707 denials recorded on 4/3/2006 11:01:13 PM
3 | 69.49.150.146 | 10.1.1.16 | UDP/389 - ldap | Policy id 94 | 61 | 10/31/2006 12:14:11 AM | 4.12 |
4 | 69.49.150.146 | 192.168.7.3 | UDP/138 - netbios | Policy id 94 | 24 | 10/31/2006 12:14:19 AM | 1.62 |
5 | 69.49.150.146 | 10.1.6.3 | UDP/138 - netbios | Policy id 94 | 24 | 10/31/2006 12:14:19 AM | 1.62 | 2 denials recorded on 3/24/2006 5:37:42 AM
6 | 69.49.150.146 | 10.1.7.3 | UDP/138 - netbios | Policy id 94 | 24 | 10/31/2006 12:14:19 AM | 1.62 | 261 denials recorded on 4/3/2006 11:01:18 PM
7 | 69.49.150.146 | 10.1.4.3 | UDP/138 - netbios | Policy id 94 | 24 | 10/31/2006 12:14:19 AM | 1.62 | 13802 denials recorded on 3/24/2006 5:43:56 AM
8 | 69.49.150.146 | 10.1.2.3 | UDP/138 - netbios | Policy id 94 | 24 | 10/31/2006 12:14:19 AM | 1.62 | 170 denials recorded on 9/29/2006 12:10:36 AM
9 | 69.49.150.146 | 192.168.3.3 | UDP/138 - netbios | Policy id 94 | 24 | 10/31/2006 12:14:19 AM | 1.62 |
10 | 69.49.150.146 | 10.1.3.3 | UDP/138 - netbios | Policy id 94 | 24 | 10/31/2006 12:14:19 AM | 1.62 |

Top 10 denied protocols and reasons
No | Protocol | Reason | Denials | % | Comment
1 | ICMP/8 - ping | Policy id 94 | 866 | 58.51 |
2 | UDP/138 - netbios | Policy id 94 | 528 | 35.68 |
3 | UDP/389 - ldap | Policy id 94 | 61 | 4.12 |
4 | HTTP | http_decoder: request_smuggling | 24 | 1.62 |
5 | HTTP | web_server: IIS.Translate.F.Disclose | 01 | 0.07 |

Firewall: FGT8002604401800 - Interfaces: Not specified
Top 10 warning messages
No | Source | Destination | Protocol | Warning | Count | First warning | % | Comment
1 | 63.75.200.25 | FGT8002604401800 | GUI | User admin login successfully from GUI(63.75.200.25) | 03 | 10/31/2006 6:49:06 AM | 37.50 | 1853 denials recorded on 10/31/2006 12:01:10 AM
2 | 192.63.69.253 | FGT8002604401800 | GUI | User admin login successfully from GUI(192.63.69.253) | 03 | 10/31/2006 8:17:35 AM | 37.50 |
3 | 10.1.1.252 | FGT8002604401800 | GUI | User nsnm-ro login successfully from GUI(10.1.1.252) | 01 | 10/31/2006 9:28:44 AM | 12.50 |
4 | 10.1.1.252 | FGT8002604401800 | SSH | User nsnm-ro login successfully from SSH(10.1.1.252) | 01 | 10/31/2006 9:44:01 AM | 12.50 |

Firewall: FGT8002604401800 - Interfaces: n/a to external
Top 10 warning messages
No | Source | Destination | Protocol | Warning | Count | First warning | % | Comment
1 | 69.49.150.10 | 63.77.242.162 | IPSEC | VPN Tunnel: SCC-Primary - Negotiate SA Error: Peer's id payloads do not match local policy. | 556 | 10/31/2006 12:02:25 AM | 100.00 |

Firewall: FGT8002604401800 - Interfaces: if to
Top 10 VPN users
No | Source | User | Conns | First conn | Last conn | Comment

Top 10 LAN-to-LAN VPNs
No | Source | Destination | Protocol | Conns | First conn | Last conn | Comment
1 | 69.49.150.10 | 63.77.242.174 | IPSEC | 102 | 10/31/2006 12:14:58 AM | 10/31/2006 11:25:33 PM |

Firewall: FGT8002604401800 - Interfaces: if to external
Top 10 VPN users
No | Source | User | Conns | First conn | Last conn | Comment

Top 10 LAN-to-LAN VPNs
No | Source | Destination | Protocol | Conns | First conn | Last conn | Comment
1 | 69.49.150.10 | 63.77.242.162 | IPSEC | 1490 | 10/31/2006 12:02:25 AM | 10/31/2006 11:59:16 PM |
2 | 69.49.150.10 | 24.97.162.254 | IPSEC | 305 | 10/31/2006 12:01:29 AM | 10/31/2006 11:59:44 PM |
3 | 69.49.150.10 | 207.190.247.1 | IPSEC | 12 | 10/31/2006 6:26:52 AM | 10/31/2006 10:16:52 PM |



Other messages
No | Code | Message sample | Count | Comment

Analysis details
Analysis start time | 11/15/2011 6:46:12 PM
Analysis duration | 0.39 minutes (23 seconds)
Analysis engine version | Fortigate parser version: 0.04; FireGen30Service.exe - FireGen scheduler service: 3.0.0.0
Filtering criteria | All entries
Excluded keywords | None
Glossary
!!! | Indicates that a high denials:connections ratio has been detected. The currently configured ratio is 3. The !!! marker means that the percentage of denials for that hour is more than 3 times the connections percentage. This points to unusual denial activity that may need to be investigated. The ratio can be configured on the Report Formats interface.
Other messages | Other messages is a list of messages not yet configured in the Firegen parser. Please send these messages to us (support@firegen.com) and we will add them in the next Firegen update. These messages are included in the list of message types, but they are not yet fully understood by the analyzer.